package servlet;

import entity.Banner;
import utils.JdbcUtils;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/**
 * 接收登录请求：登录控制器
 *
 */
@WebServlet("/loginServlet")
public class loginServlet extends HttpServlet {
    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html;charset=utf-8"); // 解决中文乱码
        // 1、获取提交过来的用户名和密码
        String uname = req.getParameter("username");
        String password = req.getParameter("password");
        // 2、 验证用户名和密码的正确性 TODO
        /**
         * 操作数据步骤：
         * 1、获取数据库连接对象
         * 2、获取执行SQL的句柄
         * 3、执行SQL语句
         * 4、处理结果
          */
        try {
            Connection connection = JdbcUtils.getConnection();
            if(connection != null){
                Statement statement = connection.createStatement();
                String sql="select * from user where name='"+uname+"' and password='"+password+"'";// SQL注入问题
                ResultSet resultSet = statement.executeQuery(sql);
                List<Banner> bannerList = new ArrayList<>();
                if(resultSet.next()){// true代表用户存在
                    String sql2 = "select * from banner";
                    ResultSet resultSet1 = statement.executeQuery(sql2);
                    while(resultSet1.next()){
                        Banner newBanner = new Banner("","","");
                        String title = resultSet1.getString("title");
                        int sort = resultSet1.getInt("sort");
                        String content = resultSet1.getString("content");
                        String pic = resultSet1.getString("pic");
                        newBanner.setPic(pic);
                        newBanner.setContent(content);
                        newBanner.setTitle(title);
                        newBanner.setSort(sort);
                        bannerList.add(newBanner);

                    }
                    System.out.println(bannerList.size());
                    req.setAttribute("bannerList",bannerList);

                }else {
//                    resp.getWriter().print("用户不存在！！");
//                    resp.getWriter().print("<script language='javascript'>alert('您输入的账号或密码错误');window.location.href='/trading_war_exploded/login_page.html?filename=';</script>");
                    req.getRequestDispatcher("/404.html").forward(req,resp);

                    return;
                }
            }
        }catch (Exception e){
            e.printStackTrace();
        }

        // 3、把用户名存入session会话中
        req.getSession().setAttribute("userId",uname);
        // 4、登录成功后，重定向到首页
        // 4.1 重定向到首页之前，需要准备好首页需要展示的数据-->轮播图，商品信息 TODO



        // 转发req域的数据可以在index.jsp页面获取，但是重定向则不行
        req.getRequestDispatcher("/index.jsp?filename=").forward(req,resp);
        //resp.sendRedirect(req.getContextPath()+"/index.jsp?filename=");
    }
}
